You are going to configure the service catalog in such a way that the users can provision products only through the service catalog. They cannot provision the product directly from the console. For this configuration, a role is created which service catalog uses to create the products.
-
Go to IAM Management Console. Click on the Roles menu in the left and then click on the Add role button.
-
On the next screen, select Service Catalog as the AWS Service and click on the Next: Permission button.
-
On the next screen, you select AdministratorAccess as the policy and click on the Next: Tags button. You are configuring for the administrative access because it will simplify the creation of services. But in the actual production implementation, such roles are configured with specific permissions.
-
Click on the Next: Review button on the next screen.
-
On the next screen, enter the role name as awsdojocatalogrole and click on the Create role button.
-
The role is created in no time. Let’s create the products in the AWS Service Catalog.